<?php

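/*
 * Demonstrates inserting a string value into the `contacts` table twice:
 * once interpolated into the SQL text as-is, and once after passing it through
 * mysqli_real_escape_string(). Assumes a `contacts` table with a `name` column
 * already exists in the `test` database.
 */

// The checks below rely on mysqli functions returning false on failure. Since
// PHP 8.1 the default mysqli report mode throws exceptions instead, which would
// make those checks unreachable, so select return-value mode explicitly.
mysqli_report(MYSQLI_REPORT_OFF);

// NOTE(review): sample credentials for a local test database. Outside a demo,
// connect with a least-privileged account (not root) and load the password from
// configuration kept out of the source tree.
$link = mysqli_connect("localhost", "root", "fred", "test");

/* check connection */
if ($link === false || mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit(1); // non-zero status so callers can detect the failure
}

$name = "Jonnie";

/*
 * Unescaped interpolation. "Jonnie" contains no quote characters, so this
 * statement runs; a value containing a single quote would terminate the string
 * literal early and either break the statement or change its meaning.
 */
$sql1 = "INSERT into contacts (name) VALUES ('$name')";

if (!mysqli_query($link, $sql1)) {
    printf("Error: %s\n", mysqli_sqlstate($link));
}

echo $sql1, PHP_EOL;

/*
 * Escaped interpolation. mysqli_real_escape_string() escapes according to the
 * connection character set, so that character set has to be configured on the
 * server or through mysqli_set_charset() for the escaping to be reliable, and
 * the escaped value is only safe inside a quoted SQL string literal.
 * For values that come from outside the program, prefer a prepared statement
 * (mysqli_prepare() with mysqli_stmt_bind_param()), which keeps data out of the
 * SQL text entirely.
 */
$name = mysqli_real_escape_string($link, $name);
$sql2 = "INSERT INTO contacts (name) VALUES ('$name')";

if (mysqli_query($link, $sql2)) {
    printf("%d Row inserted.\n", mysqli_affected_rows($link));
} else {
    // Report a failed insert instead of silently continuing.
    printf("Error: %s\n", mysqli_sqlstate($link));
}

echo $sql2, PHP_EOL;

// Release the connection explicitly rather than relying on script shutdown.
mysqli_close($link);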

?>